Are the appropriate IT Governance controls in place to protect your Firm’s Value?

by | Feb 8, 2022 | Legal Firms

 

In most organisations, and law firms are no exception, IT has grown organically, meeting business needs as they arise.

Those demands have come through thick and fast from almost all areas of the organisation’s operations. IT has become integral to almost all aspects of operations in most legal practices, putting immense pressure on those that are responsible for delivering these systems.

Under that pressure, it’s not uncommon for normal governance approaches to lag behind, but given the importance of IT, these clearly need attention.

There’s a wide range of topics that need thought. Examples include:

Access Rights

These range from protecting systems with passwords and having a strong password policy to multi-factor authentication and PIN policies for mobile devices. With no PIN, a stolen mobile device can yield up significant amounts of data, personal information and website access details.

Policies

Are policies in place for appropriate use of devices, internet, email etc?

For example, do you have a Data Privacy Policy? Has everyone signed up to it? Have you assigned someone to be your Privacy Officer?

A common response for small NZ businesses is that they have never needed these, but these have to be in place before you need them. Once an employee takes advantage, the horse has bolted. Are they up to date? Do they cover consumer cloud services such as Dropbox? Do they cover BYOD?

Antivirus and EDR (xDR)

Security patches are the fence at the top of the cliff and anti-virus can be the ambulance at the bottom. We have seen organisations, including law firms, suffer significant downtime because of a virus infection that would have been prevented by patching.

Security

Data security process – With data privacy concerns emerging, and legislation like GDPR becoming relevant, how well placed is your organisation to ensure it follows best practice? Legal practices should know their obligations under the law better than most, and privacy is well ingrained for most legal staff, but not all your staff have the same awareness and training.

Do your systems allow you to track compliance? Do you know what personal data your organisation holds? This can often be informally held by well-meaning colleagues as well as your official systems, meaning that training and awareness matter as much as software – and that’s something that extends beyond the IT department.

Reporting

Do you check it? These aspects might be set up once, but unless you check regularly, they can lapse and fall away.

Do you have regular IT reporting in place, and does it cover the topics you really need to know about? These will span infrastructure: are the backups working and tested? Do you have any pending capacity considerations? What’s the reliability of core systems like?

 

A Kinetics FlightPlan is the structured process to easily help you find the answers to these questions, and more.

For more information, contact us today.

If you aren’t sure who in your organisation is best to answer these questions, it is probably time you tried a contract part-time IT Manager, to help you manage ALL your valuable IT. Check out our structured, programmatic “IT Manager as a Service” approach to help you.
